Firmware Released for Hacked Netgear Routers

Patched firmware has been released to fix the vulnerability issue in Netgear’s routers.

For quite some time, Netgear was experiencing a vulnerability that affected its routers where hackers were able to change the routers’ DNS settings. Even though more than 10,000 routers have already been attacked, last night Netgear released a patched firmware to fix the issue.

Back in late July, Netgear was privately informed about the issue by Swiss Company Compass Security. Shortly after, Netgear gave Compass Security a beta version of firmware in which fixed the security issue, however, the company did not specify when a public release would take place.

Netgear was publically warned again in September by researchers at Shellshock Labs who explained that the exploit “allows for ‘full remote unauthenticated root access’ of routers.” Shellshock also shared that WAN administration has to be enabled for the vulnerability to be usable.

Once the N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img firmware are affected, the attacker has access to the router without needing the password.

How it works:

A user wants access to the web interface, so a http authentication login process begins

If the username and password is unavailable, the user gets redirected to the 401_access_denied.htm file

An attacker calls the URL http://<ROUTER-IP>/BRS_netgear_sucess.html several times

The attacker can access the administrative web interface without the username and password prompt

Quick Links

Contact

We use cookies to help us improve our webpage. By scrolling, or using the site, you automatically accept cookies, or by clicking Accept. Please read our Privacy Policy and Terms and Conditions.
By clicking "Refuse" you are refusing 3rd party non-functional cookies. AcceptRefusePrivacy policy